"If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well."-http://cwe.mitre.org/

Non-compliant code

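#include <stdio.h>

function(1, 2); // no prototype in scope, so the argument count is not checked
...
void function(int one, int two, int three) {
    // three is read even though the caller never passed it
    printf("args %d %d %d", one, two, three);
}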

Solution: "Implementation: Forward declare all functions. This is the recommended solution. Properly forward declaration of all used functions will result in a compiler error if too few arguments are sent to a function." -http://cwe.mitre.org/

Compliant code

void function(int one, int two, int three); // at top of file or in .h file
...
function(1, 2); // compiler error: too few arguments

Also, using a compiler setting that checks for implicitly declared functions will prevent accidentally calling a function before it is declared.
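A prototype checks only the fixed parameters, so it does not cover the variadic case mentioned in the opening quote. The following is an added example, not code from this page or from CWE: print_three, sum_ints and SUM_INTS are hypothetical names, and the macro assumes C99 compound literals and arguments of type int.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Prototype in scope before any call: a fixed-arity call with too few
 * arguments, such as print_three(1, 2), is rejected at compile time. */
int print_three(int one, int two, int three);

/* A prototype cannot check the variadic part of a call, so the callee
 * has to be told how many arguments were really passed. */
long sum_ints(size_t count, ...);

/* Hypothetical wrapper: derives count from the argument list itself, so
 * the callee never reads more arguments than the caller supplied.
 * The arguments inside sizeof are not evaluated, only counted.
 * Requires at least one argument, all of type int. */
#define SUM_INTS(...) \
    sum_ints(sizeof((int[]){ __VA_ARGS__ }) / sizeof(int), __VA_ARGS__)

int print_three(int one, int two, int three)
{
    return printf("args %d %d %d\n", one, two, three);
}

long sum_ints(size_t count, ...)
{
    va_list ap;
    long total = 0;

    va_start(ap, count);
    for (size_t i = 0; i < count; i++)
        total += va_arg(ap, int);   /* reads exactly count ints */
    va_end(ap);
    return total;
}

int main(void)
{
    print_three(1, 2, 3);
    printf("sum = %ld\n", SUM_INTS(10, 20, 30));
    return 0;
}
```

Calling sum_ints directly with a count larger than the number of arguments is still undefined behavior; the wrapper removes that hand-written count from call sites.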

Risk Assessment

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DRAFT | 3 (high) | 3 (likely) | 2 (medium) | P18 | L1 |
